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Amendment to the Claims : 

This listing of claims replaces all prior versions, and 
listings, of claims in the application: 



element if a classification parameter is available for internet 
Protocol security (IPsec) traffic that indicates a route for the 
IPsec traffic and classifying said traffic if available ; 

if [[a]] said classification parameter is not available, 
decrypting the IPcksc traffic at a second location if and the 
IPsec traffic is encrypted then decrypting traffic in a 
decrypting forwarding element after said traffic has passed 
thro ugh said classifying forwarding element, and determining the 
classification parameter for the IPsec traffic at the s econd 
■ location decrypting forwarding element ; and 

forwarding the IPsec traffic based on the classification 
parameter . 

2. (Currently amended) The method of claim 1 further 
comprising receiving the IPsec traffic at the firot location 
classifying fo r warding element . 




(Currently amended) A method comprising: 



determining at a first 



l classifying forwarding 
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3. (Original) The method of claim 1 in which the 
classification parameter includes a security parameter index 
(SPI) associated with the IPsec traffic. 




4. (Original) The method of claim l in which the IPsec 
traffic includes a data packet. 



5. (Original) The method of claim 1 further comprising 
forwarding other IPsec traffic included in a traffic stream with 
the IPsec traffic based on the classification parameter. 

6. (Currently amended) An article comprising: 

a machine -readable medium which stores machine -executable 
instructions, the instructions causing a machine to: 

determine at a first mechanism if a classification 
parameter is available for Internet Protocol security (IPsec) 
traffic that indicates a route for the IPsec traffic; 

if a classification parameter is not available, 
decrypt the IPooo traffic - afr sending said traffic to a second 
mechanism after said traffic has passed said first mechanism, 
and which second mechanism decrypts the IPsec traffic if the 
IPsec traffic is encrypted and determine the classification 
parameter for the IPsec traffic at the second mechanism; and 
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forward the IPsec traffic based on the classification 

parameter. 

7. (Original) The article of claim 6 further causing a 
machine to receive the IPaec traffic at the first mechanism. 

8. (Original) The article of claim 6 in which the 
classification parameter includes a security parameter index 
(SPI) associated with the IPsec traffic. 

9. (Original) The article of claim 6 in which the IPsec 
traffic includes a data packet. 

10. (Original) The article of claim 6 further causing a 
machine to forward other IPsec traffic included in a traffic 
stream with the IPsec traffic based on the classification 
parameter . 

11. (Currently amended) A system comprising: 
a firot mechanism a classifying forwarding element: 

configured to communicate with a network f to determine if a 
classification parameter that indicates a route for a traffic 
9tream is available for a packet included in the traffic stream; 
and 
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a second mcGhaniom a_ decryption forwarding element 
configured to receive the packet from the firot moohaniom 
classifying forwarding element , to perform an en cr yption 
procedure on decrypt the packet if the packet is encrypted and 
associated with a known encryption-related key, and determine 
said cl assifica tion parameter / if the classification parameter 
is available from either of said forwarding eleme nts, to forward 
the packet based on the route for the traffic stream. 

12. (Currently amended) The system of claim 11 further 
comprising a third mechanism configured to communicate with the 
first mcchaniom classifying forwarding element and with the 
second mechanism decryption forwarding element and to determine 
a classification parameter for the packet if a classification 
parameter is not available. 

13. (Currently amended) The system of claim 12 in which 
the second mechanism is also configured to forward the packet to 
the third mechanism if the packet is not associated with a known 
encryption-related key . 

14. (Currently amended) The system of claim 12 in which 
the third mechanism is also configured to, after determining the 
classification parameter for the packet, forward the 
classification parameter to the first mechanism, 
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15. (Currently amended) The system of claim 12 in which 
the third mechanism is also configured to, after determining the 
encryption -related key for the packet, forward the 
encryption-related key to the Dccond mcchaniam decryption 
forwarding element so that the occond mcohaniom decryption 



forwarding element can perform the encryption-related procedure. 

16. (Cancelled) 

17. (Currently amended) The system of claim 11 further 
comprising a plurality of additional mechanisms, each additional 
mechanism configured to communicate with the firot mcohaniam, 
classification forwarding device to perform an encryption 
proc edu re on encrypt the packet if the packet is encrypted and 
associated with a known encryption-related key, and, if the 
classification parameter is available r to forward the packet 
based on the route for the traffic stream. 

18. (Original) The system of claim 11 in which the packet 
includes an Internet Protocol security data packet. 

19. (Original) The system of claim 11 in which the traffic 
stream includes a plurality of Internet Protocol security data 



PAGE 8112 ' RCVD AT 12/23/2003 8:56:20 PM [Eastern Standard Time] ' SVR:USPT0-EFXRF-1/1 ' DN1S:8729306 ' CSID:1 858 678 5099 * DURATION (mm-ss):04-06 




packets . 



7 



12/23/2003 17:58 FAX 1 858 678 5093 



FISH AND RICHARDSON 



@ 009/012 



ALtorney's Docket No .: 10559-340001 

Serial No.: 09/774,429 

Amendment Gated December 23, 2003 

Reply to Office Action dated September 23, 2003 

20, (Original) The system of claim 11 in which the first 
mechanism is also configured to forward the packet to the second 
mechanism if the packet is encrypted, 

21-. (Original) The system of claim 11 in which the route 
for the traffic stream includes a route through a network. 

22. (Original) The system of claim 21 in which the network 
includes an Internet. 

23. (Original) The system of claim 11 in which the 



24. (Original) The system of claim 11 in which the 
encryption procedure includes decrypting the packet . 

25. (Original) The system of claim 11 further comprising 
another mechanism configured to receive the packet from the 
second mechanism and to forward the packet based on the route to 
an ultimate destination of the packet. 

26. (Original) The system of claim 11 in which the first 
mechanism is also configured to route packets included in the 
traffic stream based on a load balancing scheme. 




encryption procedure includes encrypting the packet. 
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